Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [2.8.0] Limiter rule not honored on LAN download with multiple limiters & queues

    Scheduled Pinned Locked Moved Traffic Shaping
    3 Posts 2 Posters 281 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NWOSwamp
      last edited by

      I experienced this issue at multiple sites with a fresh install of 2.8.0 with a restored the configuration from 2.7.2. I was able to reproduce in my lab with fresh installs of 2.8.0 and 2.7.2.

      tl;dr: I have limiters & children queues for bufferbloat on Floating rules. Additional limiters set for max bandwidth usage on some VLAN interfaces (eg: guest Internet). With both limiters enabled, the limiter rules on the LAN/VLAN interfaces are not being honored in 2.8.0.

      Setup on a fresh install, after basic configuration:
      Firewall -> Traffic Shaper -> Limiters:
      New
      Enable
      Name: WAN-in
      20 Mbit/s
      Algorithm: CoDel
      Scheduler: FQ_CODEL
      Save
      Edit WAN-in
      ECN
      Save
      WAN-in
      Add new Queue
      Enable
      Name: WAN-in-q
      Algorithm: CoDel
      Save
      Edit WAN-in-q
      ECN
      Save
      Create second identical limiter and queue for "WAN-out" and "WAN-out-q". Set different Bandwidth, 100 Mbit/s

      New
      Enable
      Name: LAN-in
      2 Mbit/s
      Algorithm: Tail Drop default
      Scheduler: FIFO
      Save
      Create second identical limiter "LAN-out". Set different Bandwidth, 5 Mbit/s

      Firewall -> Rules -> Floating:
      Add
      Pass
      Quick
      WAN
      Dir: out
      Address Family: IPv4 default
      Proto: Any
      Source: WAN address
      Description: Bufferbloat
      Advanced
      Gateway: WAN_DHCP
      In / Out pipe: WAN-in-q / WAN-out-q
      Save

      Firewall -> Rules -> LAN:
      Edit Default allow LAN rule
      Advanced
      In / Out pipe: LAN-in / LAN-out
      Save
      Disable Default allow LAN IPv6 to any rule - just in case.

      Reboot router and PC on LAN for good measure. I use openspeedtest.com. Also verified with fast.com and speedtest.net

      Expected results and results seen on LAN interface v2.7.2:
      Download: ~5 Mbps (LAN-out limiter value)
      Upload: ~2 Mbps (LAN-in limiter value)

      Actual results on LAN interface v2.8.0:
      Download: ~100 Mpbs (presumably WAN-out-q limiter value)
      Upload: ~2 Mbps (LAN-in limiter value)

      Fix: Bufferbloat rule is less important. Edit Floating rule, set In / Out pipe: none / none. Save. Reboot PC. Retest.
      Download: ~5 Mbps (LAN-out limiter value)
      Upload: ~2 Mbps (LAN-in limiter value)
      are observed.

      Let me know if I can provide any other details.

      P 1 Reply Last reply Reply Quote 0
      • P
        pst @NWOSwamp
        last edited by

        @NWOSwamp I can confirm I see a similar behaviour in the 25.03-beta (June10).

        If I only configure limiters on LAN (here I have configured LANUp 75Mb/s LanDown 200Mb/s), those limits are adhered to when running speedtest for example.

        8c762aa3-c547-4f51-ac68-c48f57b823de-image.png

        speedtest.net result:

        80130c36-8974-49b1-ac8f-aee00fa9fd72-image.png

        When I add a floating rule to WAN according to the buffer bloat recipe (https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html)

        e0a44bf9-a95d-44b0-baf0-935241fa54e1-image.png

        the configured download limit for LAN is no longer adhered to, instead another limit (the WAN configured limit? or no limit) seems to be used.

        18522263-da9e-4942-9e23-6cba86557001-image.png

        The upload limit, however, seems to be adhered to.

        Bug?

        P 1 Reply Last reply Reply Quote 0
        • P
          pst @pst
          last edited by

          This post is deleted!
          1 Reply Last reply Reply Quote 0
          • P pst referenced this topic on
          • N NWOSwamp referenced this topic
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.